[RFC PATCH 0/3] arm64: errata: Disable FWB on parts with non-ARM interconnects

James Morse james.morse at arm.com
Tue Feb 21 09:41:45 PST 2023


Hi Ard,

On 21/02/2023 14:38, Ard Biesheuvel wrote:
> On Thu, 16 Feb 2023 at 19:23, James Morse <james.morse at arm.com> wrote:
>> When stage1 translation is disabled, the SCTLR_EL1.I bit controls the
>> attributes used for instruction fetch, one of the options results in a
>> non-cacheable access. A whole host of CPUs missed the FWB override
>> in this case, meaning a KVM guest could fetch stale/junk data instead of
>> instructions.
>>
>> The workaround is to disable FWB, and do the required cache maintenance
>> instead.

> So the system should behave as if SCTLR_EL1.I==1 when FWB is enabled,
> but it doesn't, right? Couldn't we just force SCTLR_EL1.I to 1 when
> FWB is enabled? I.e., trap writes and override the I bit - and if we
> want to pretend it is 0 we could trap reads and lie to the guest as
> well, but I doubt we'd even need that.

The affected parts don't have fine-grained traps, so we'd need to set HCR_EL2.TVM, which
traps loads of things. We'd only need it while the guest has the MMU disabled, and KVM
already has code that uses this trap to try and spot this ...

... but it only works until the first time you enable SCTLR_EL1.M as the trap is too
costly to leave enabled. If you put the workaround in there, it would work the first time
a guest booted, but a subsequent kexec, or any other reason to turn the MMU off is
exposed. It's an incomplete fix, I'd hate to have to debug it!


Thanks,

James
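As an added illustration of the argument above (a constructed C model, not KVM or kernel code): the host arms HCR_EL2.TVM, forces SCTLR_EL1.I while M==0, and drops the trap on the first M=1 write, so a later MMU-off phase such as kexec lands outside the override. `vcpu_model`, the handler functions and the scenario are hypothetical names; only the M and I bit positions are architectural.

```c
/* Toy model (not KVM code) of "force SCTLR_EL1.I while FWB is on", and why
 * it is incomplete when HCR_EL2.TVM is only armed until the guest first
 * sets SCTLR_EL1.M. Only the M (bit 0) and I (bit 12) positions are real. */
#include <stdbool.h>
#include <stdint.h>

#define SCTLR_EL1_M (1ULL << 0)   /* stage 1 MMU enable */
#define SCTLR_EL1_I (1ULL << 12)  /* instruction cacheability while M==0 */

struct vcpu_model {
    uint64_t sctlr_el1;
    bool tvm_trap_armed;  /* HCR_EL2.TVM set: guest sysreg writes trap to EL2 */
};

/* Host side: handle a trapped SCTLR_EL1 write. Force I=1 while the MMU is
 * off; once the guest turns the MMU on, drop the costly trap. This is the
 * "only works until the first M=1" behaviour the mail describes. */
static uint64_t host_handle_sctlr_write(struct vcpu_model *v, uint64_t val)
{
    if (!(val & SCTLR_EL1_M))
        val |= SCTLR_EL1_I;
    else
        v->tvm_trap_armed = false;
    return val;
}

/* Guest side: a write either traps to the host or lands directly. */
static void guest_write_sctlr(struct vcpu_model *v, uint64_t val)
{
    v->sctlr_el1 = v->tvm_trap_armed ? host_handle_sctlr_write(v, val) : val;
}

/* The erratum window: MMU off with I==0 selects non-cacheable instruction
 * fetches that FWB fails to override on the affected parts. */
static bool fetch_window_exposed(const struct vcpu_model *v)
{
    return !(v->sctlr_el1 & (SCTLR_EL1_M | SCTLR_EL1_I));
}

/* Scenario from the mail: first boot is covered, but a later MMU-off phase
 * (e.g. kexec) writes M=0,I=0 after the trap is already gone. */
static bool kexec_scenario_exposed(void)
{
    struct vcpu_model v = { .sctlr_el1 = 0, .tvm_trap_armed = true };
    guest_write_sctlr(&v, 0);                          /* early boot, MMU off */
    bool boot_exposed = fetch_window_exposed(&v);
    guest_write_sctlr(&v, SCTLR_EL1_M | SCTLR_EL1_I);  /* MMU on; trap dropped */
    guest_write_sctlr(&v, 0);                          /* kexec: MMU off again */
    return !boot_exposed && fetch_window_exposed(&v);
}
```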


